from bcrypt import hashpw, gensalt, checkpw
from constants import SecurityConfig

def hash_or_store_password(password: str) -> str:
    if SecurityConfig.PASSWORD_HASHING_ENABLED:
        hashed = hashpw(password.encode('utf-8'), gensalt())
        return hashed.decode('utf-8')
    return password # Store plaintext if hashing is disabled

def verify_or_compare_password(plain_password: str, hashed_password: str) -> bool:
    if SecurityConfig.PASSWORD_HASHING_ENABLED:
        return checkpw(plain_password.encode('utf-8'), hashed_password.encode('utf-8'))
    return plain_password == hashed_password # Compare plaintext if hashing is disabled

def encrypt_username(username: str) -> str:
    if SecurityConfig.USERNAME_ENCRYPTION_ENABLED:
        # TODO: Implement actual encryption logic for username
        # For now, just a placeholder
        return f"encrypted_{username}"
    return username

def decrypt_username(encrypted_username: str) -> str:
    if SecurityConfig.USERNAME_ENCRYPTION_ENABLED:
        # TODO: Implement actual decryption logic for username
        # For now, just a placeholder
        if encrypted_username.startswith("encrypted_"):
            return encrypted_username[len("encrypted_"):]
        return encrypted_username # Or raise an error if format is unexpected
    return encrypted_username